Properties Used by the Client SDK

Access Manager properties are contained in the AMConfig.properties file. Generate the AMConfig.properties for
the Client SDK by running the following command:

# make -f Makefile.clientsdk properties

The following sections describe the properties expected by the
Access Manager Client SDK. A client application deployed within a
servlet container can register for changes to session, user attributes
and policy decisions. These properties must be set to receive such
notifications.

Naming URL Properties

com.iplanet.am.naming.url

This is a required property. Its value is the URL from which
the Client SDK retrieves the URLs of Access Manager internal
services. This is the URI for the Naming Service. Example:

Monitoring Framework Property

Remote Client SDK Property

If you want to use a remote instance of the Client
SDK, set the value of this property as follows:

com.iplanet.amsdk.package=remote

The default value is ldap if the property
is not defined.

Federation Properties

The following properties are used to configure interactions
in a federated environment. These properties are not automatically
generated and placed in the AMConfig.properties file
when you run the make -f Makefile.clientsdk properties command.
You must manually add the properties to the file as needed.

com.sun.identity.liberty.ws.soap.supportedActor

Supported SOAP actors. Each actor must be separated
by a pipe (|). Example:

Indicates the URL for WSPRedirectHandlerServlet to
handle Liberty WSF web service provider-resource owner interactions. Interactions
are based on user agent redirects. The servlet should be running in
the same JVM where the Liberty service provider is running.

com.sun.identity.liberty.interaction.wscSpecifiedInteractionChoice

Indicates whether the web service client should participate
in an interaction. Valid values are interactIfNeeded, doNotInteract,
and doNotInteractForData. Default value is interactIfNeeded. Default value is used if an invalid value is specified.

Indicates whether the web service client should include userInteractionHeader. Valid values are yes and no (case ignored). Default value is yes.
Default value is used if no value is specified.

com.sun.identity.liberty.interaction.wscWillRedirect

Indicates whether the web service client will redirect
the user for an interaction. Valid values are yes and no. Default value is yes. Default value
is used if no value is specified.

com.sun.identity.liberty.interaction.wscSpecifiedMaxInteractionTime

Indicates the web service client preference for acceptable
duration (in seconds) for an interaction. If the value is not specified
or if a non-integer value is specified, then the default value is 60.

com.sun.identity.liberty.interaction.wscWillEnforceHttpsCheck

Indicates whether the web service client enforces
that the redirected-to URL is HTTPS. Valid values are yes and no (case ignored). The Liberty specification requires the
value to be yes. Default value is yes.
Default value is used if no value is specified.

com.sun.identity.liberty.interaction.wspWillRedirect

Indicates whether the web service provider redirects
the user for an interaction. Valid values are yes and no (case ignored). Default value is yes.
Default value is used if no value is specified.

com.sun.identity.liberty.interaction.wspWillRedirectForData

Indicates whether the web service provider redirects
the user for an interaction for data. Valid values are yes and no. Default value is yes. If no value
is specified, the value is yes.

com.sun.identity.liberty.interaction.wspRedirectTime

Web service provider expected duration (in seconds)
for an interaction. If the value is not specified or
is a non-integer value, the default value is 30.

com.sun.identity.liberty.interaction.wspWillEnforceHttpsCheck

Indicates whether the web service client enforces
that returnToURL is HTTPS. Valid values are yes and no (case ignored). The Liberty specification
requires the value to be yes. Default value is yes. If no value is specified, then the value used is yes.

Used to determine which version of the Liberty identity
web services framework is to be used when the framework cannot determine it
from the inbound message or from the resource offering. This property
is used when Access Manager is acting as the web service client.
The default version is 1.1. The possible values are 1.0 or 1.1.

com.sun.identity.liberty.ws.soap.certalias

Value is set during installation. Client certificate
alias that will be used in the SSL connection for the Liberty SOAP Binding.

com.sun.identity.liberty.ws.soap.messageIDCacheCleanupInterval

Default value is 60000. Specifies the number of milliseconds
to elapse before cache cleanup events begin. Each message is stored
in a cache with its own messageID to avoid duplicate
messages. When a message's current time less the received time exceeds
the staleTimeLimit value, the message is removed from the
cache.

com.sun.identity.liberty.ws.soap.staleTimeLimit

Default value is 300000. Determines if a message is
stale and thus no longer trustworthy. If the message timestamp is
earlier than the current timestamp by the specified number of milliseconds,
the message is considered to be stale.
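
How staleTimeLimit and messageIDCacheCleanupInterval work together, as an added Python model that is not Access Manager code. The class name, the caller-supplied clock, and running cleanup lazily on each call instead of on a timer are assumptions of this sketch.

```python
class MessageIDCache:
    """Model of the duplicate and stale checks described above (times in ms)."""

    def __init__(self, stale_time_limit=300000, cleanup_interval=60000):
        self.stale_time_limit = stale_time_limit   # staleTimeLimit default
        self.cleanup_interval = cleanup_interval   # messageIDCacheCleanupInterval default
        self.seen = {}                             # messageID -> time received
        self.last_cleanup = 0

    def cleanup(self, now):
        # Remove entries whose (current time - received time) exceeds staleTimeLimit.
        expired = [m for m, t in self.seen.items() if now - t > self.stale_time_limit]
        for message_id in expired:
            del self.seen[message_id]
        self.last_cleanup = now

    def accept(self, message_id, timestamp, now):
        """Return 'accepted', 'duplicate' or 'stale' for one inbound message."""
        if now - self.last_cleanup >= self.cleanup_interval:
            self.cleanup(now)
        if now - timestamp > self.stale_time_limit:
            return "stale"          # too old to trust, never cached
        if message_id in self.seen:
            return "duplicate"      # same messageID already processed
        self.seen[message_id] = now
        return "accepted"


def demo():
    # Constructed message IDs and clock values, for illustration only.
    cache = MessageIDCache()
    return [
        cache.accept("m1", timestamp=1000, now=2000),     # first delivery
        cache.accept("m1", timestamp=1000, now=3000),     # same ID within the window
        cache.accept("m2", timestamp=0, now=400000),      # triggers cleanup, m2 is old
        cache.accept("m1", timestamp=1000, now=400001),   # m1 evicted, but now stale
    ]
```

Evicting an entry after staleTimeLimit is safe only because a later copy of that message fails the stale check, which holds as long as the message timestamp is not later than the time the message was received.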

com.sun.identity.liberty.ws.wsc.certalias

Value is set during installation. Specifies default
certificate alias for issuing web service security token for this
web service client.

com.sun.identity.liberty.ws.trustedca.certaliases

Value is set during installation. Specifies certificate
aliases for trusted CAs. The SAML or SAML BEARER token of an incoming request
message must be signed by a trusted CA in this list. The syntax is
cert alias 1[:issuer 1]|cert alias 2[:issuer 2]|..... Example:
myalias1:myissuer1|myalias2|myalias3:myissuer3. The value
issuer is used when the token doesn't have a KeyInfo inside the signature.
The issuer of the token must be in this list, and the corresponding
certificate alias will be used to verify the signature. If KeyInfo
exists, the keystore must contain a certificate alias that matches
the KeyInfo and the certificate alias must be in this list.
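
The certaliases syntax and the alias selection rule above, as an added Python sketch (not Access Manager code). The function names are hypothetical, and keyinfo_alias stands for the keystore alias that the caller has already matched to the token's KeyInfo.

```python
def parse_trusted_ca(value):
    """Parse 'alias1[:issuer1]|alias2[:issuer2]|...' into (alias, issuer) pairs.

    issuer is None when the entry has no ':issuer' part. Only the first ':'
    separates alias from issuer, so an issuer that itself contains ':' survives.
    """
    entries = []
    for item in value.split("|"):
        item = item.strip()
        if not item:
            continue  # tolerate a trailing or doubled '|'
        alias, _, issuer = item.partition(":")
        entries.append((alias.strip(), issuer.strip() or None))
    return entries


def select_alias(entries, token_issuer, keyinfo_alias=None):
    """Return the certificate alias to verify the signature with, or None.

    With KeyInfo: the matching keystore alias must appear in the list.
    Without KeyInfo: the token issuer must appear in the list, and the
    alias paired with that issuer is used.
    """
    if keyinfo_alias is not None:
        listed = {alias for alias, _ in entries}
        return keyinfo_alias if keyinfo_alias in listed else None
    for alias, issuer in entries:
        if issuer is not None and issuer == token_issuer:
            return alias
    return None


# The example value given in the property description above.
EXAMPLE = "myalias1:myissuer1|myalias2|myalias3:myissuer3"
```

An entry without an issuer, such as myalias2, can only be selected when the token carries a KeyInfo.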

Using a Properties File

You can set properties in a properties file and then provide
a path to it at runtime. The properties files must be in the CLASSPATH.
The default properties file name is AMConfig.properties and
is always read at start-up.

To Set Client SDK Properties in a Properties File

Generate a sample AMConfig.properties by
running the following command:

make -f Makefile.clientsdk properties

The AMConfig.properties file will
be present in the temp directory.

Edit properties to suit your environment.

Note –

At runtime, if the file name is different from AMConfig, provide the file name (without the .properties extension)
and path. The path should be in the CLASSPATH by declaring the JVM
option:

-Damconfig=filename
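
A check to run over the edited file, added here as an example and not part of the Client SDK: it applies the valid values and defaults listed under Federation Properties. The parser is a simplified key=value reader, and comparing yes/no case-insensitively for every property is an assumption.

```python
import re
NAMING = "com.iplanet.am.naming.url"
P = "com.sun.identity.liberty.interaction."
CHOICES = {"interactIfNeeded", "doNotInteract", "doNotInteractForData"}
INT = re.compile(r"[+-]?[0-9]+")
RULES = {  # property -> (kind, documented default)
    P + "wscSpecifiedInteractionChoice": ("choice", "interactIfNeeded"),
    P + "wscWillRedirect": ("yesno", "yes"),
    P + "wscSpecifiedMaxInteractionTime": ("int", "60"),
    P + "wscWillEnforceHttpsCheck": ("yesno", "yes"),
    P + "wspWillRedirect": ("yesno", "yes"),
    P + "wspWillRedirectForData": ("yesno", "yes"),
    P + "wspRedirectTime": ("int", "30"),
    P + "wspWillEnforceHttpsCheck": ("yesno", "yes"),
}

def parse_properties(text):
    """Simplified key=value reader (no line continuations or ':' separators)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (property, finding) pairs. Assumes yes/no is case-insensitive."""
    findings = [] if props.get(NAMING) else [(NAMING, "required property is not set")]
    for name, (kind, default) in RULES.items():
        value = props.get(name, "")
        if not value:
            continue  # unset: the documented default applies
        elif kind == "int" and not INT.fullmatch(value):
            findings.append((name, "non-integer value, default %s applies" % default))
        elif kind == "choice" and value not in CHOICES:
            findings.append((name, "invalid value, default %s applies" % default))
        elif kind == "yesno" and value.lower() not in ("yes", "no"):
            findings.append((name, "value is neither yes nor no"))
        elif kind == "yesno" and value.lower() == "no" and name.endswith("HttpsCheck"):
            findings.append((name, "HTTPS check off, Liberty specification requires yes"))
    return findings

SAMPLE = """\
# Constructed sample, not output of Makefile.clientsdk
com.sun.identity.liberty.interaction.wscWillEnforceHttpsCheck=No
com.sun.identity.liberty.interaction.wspRedirectTime=30s
com.sun.identity.liberty.interaction.wscSpecifiedInteractionChoice=never
"""
```

Calling audit(parse_properties(SAMPLE)) reports the missing naming URL, the invalid interaction choice, the disabled HTTPS check and the non-integer redirect time.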

Using the Java API

The Client SDK properties can also be set programmatically using
the com.iplanet.am.util.SystemProperties class.
See the following example.